Hi, Is it possible for an application (say "snoop", with sufficient privileges) to monitor data on any socket/file descriptor in the system? Here's an example: suppose we have a browser and it creates a tcp socket to connect to a URL. Whenever the browser issues a read() and data is pushed to user space, I want "snoop" to get notified and made available a copy of the same data that the browser read. ptrace can be used to do it, but then there are several ways the app can read data. It could use read(), or recv() or recvmsg(). Is there a better way to deal with this complexity? It's like the action of "tee" on any socket/file descriptor in the system. -- Vimal _______________________________________________ Kernelnewbies mailing list Kernelnewbies@xxxxxxxxxxxxxxxxx http://lists.kernelnewbies.org/mailman/listinfo/kernelnewbies
